AMENDMENTS TO THE CLAIMS 



1. (Currently Amended) A system of securely controlling a wireless mobile communication
device, comprising:

a plurality of domains residing on a wireless mobile communication device, each domain 
including an asset of the wireless mobile communication device; and 

a domain controller, on the mobile device, configured to receive a request to perform an
operation affecting at least one of the assets, to determine whether the request originated with an
entity that has a trust relationship with the domain that includes the at least one affected asset,
and to permit completion of the operation where if the request originated with an entity that has a
trust relationship with the domain that includes the at least one affected asset.

2. (Original) The system of claim 1, further comprising a key store for storing cryptographic 
keys associated with the domain that includes the at least one affected asset, wherein the domain
controller is configured to determine whether the request originated with an entity that has a trust 
relationship with the domain using the cryptographic keys. 

3. (Original) The system of claim 1, wherein the domain controller is configured to determine 
whether the request originated with the entity that has a trust relationship with the domain that 
includes the at least one affected asset by determining whether the domain that includes the at 
least one affected asset also includes the entity. 

4. (Currently Amended) The system of claim 1, wherein the at least one domain further
includes as an asset a software application for which the domain controller permits completion of
the operation upon the software application where if the request originated with an entity that has
a trust relationship with the at least one domain that includes as an asset the software application.

5. (Original) The system of claim 4, wherein at least one of the domains comprises a plurality 
of domains, and wherein the wireless mobile communication device further comprises a super
user software application that has a trust relationship with more than one of the plurality of 
domains. 

6. (Original) The system of claim 5, wherein each of the more than one of the plurality of 
domains includes the super user software application. 

7. (Original) The system of claim 1, wherein the domain controller is further configured to
receive information, and to place the information into a domain. 

8. (Original) The system of claim 1, wherein the at least one asset is selected from the group
consisting of:

communication pipes, persistent data, properties, and software applications.

9. (Currently Amended) The system of claim 1, further comprising a data store for storing
properties, wherein the domain controller is further configured to determine whether the
operation is permitted by properties in the data store, and to permit completion of the operation
where if the operation is permitted by the properties in the data store.

10. (Original) The system of claim 9, wherein each property is global, domain-specific, or 
specific to a particular software application on the wireless mobile communication device. 

11. (Currently Amended) A method for secure control of a wireless mobile communication
device, comprising: 

segregating assets of the wireless mobile communication device into a plurality of 
domains, each domain including at least one asset of the wireless mobile communication device; 

receiving a request to perform an operation affecting at least one of the assets; 

determining via a domain controller on the mobile device whether the operation is
permitted by the domain that includes the affected asset; and 

allowing the operation to be completed where the operation is permitted by the domain
that includes the affected asset. 

12. (Original) The method of claim 11, wherein the step of determining comprises the step of 
determining whether the request originated with an entity that has a trust relationship with the 
domain that includes the at least one affected asset. 

13. (Original) The method of claim 12, wherein the step of determining whether the request 
originated with an entity that has a trust relationship with the domain that includes the at least 
one affected asset comprises the step of determining whether the domain that includes the at least
one affected asset also includes the entity. 

14. (Original) The method of claim 12, wherein the request originates from a software
application, and wherein the step of determining whether the request originated with an entity
that has a trust relationship with the domain that includes the at least one affected asset 
comprises the step of verifying a digital signature of the software application using a 
cryptographic key associated with the domain. 

15. (Original) The method of claim 11, further comprising the steps of: 

receiving information; and 

associating the information with at least one of the plurality of domains.

16. (Original) The method of claim 15, wherein the step of associating comprises the step of 
determining with which domains the information is to be associated in accordance with domain 
policies. 

17. (Original) The method of claim 16, wherein the domain policies specify that information is 
to be associated with domains based on one or more of: 

a source of the information, an indicator of a domain in the information, a communication 
pipe over which the information is received, a digital signature of the information, an access list 
describing allowed domain information, and an input from a user of the wireless mobile 
communication device. 

18. (Currently Amended) The method of claim 11, further comprising the step of:

determining whether the operation is permitted by properties stored at the wireless mobile 
communication device, 

wherein the step of allowing comprises the step of allowing the operation to be completed 
where if the operation is permitted by both the domain and the properties.

19. (Original) The method of claim 18, wherein the step of determining whether the operation is 
permitted by properties stored at the wireless mobile communication device comprises the step 
of checking global properties for the wireless mobile communication device and domain 
properties for the domain that includes the at least one affected asset. 

20. (Original) The method of claim 19, wherein the request originates from a software 
application, and wherein the step of determining whether the operation is permitted by properties 
stored at the wireless mobile communication device further comprises the step of checking
application properties for the software application. 